MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b1ab97107985efa7d33f96801bd6260a3f230c97df7be24642c1cf300722902. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: 2b1ab97107985efa7d33f96801bd6260a3f230c97df7be24642c1cf300722902
SHA3-384 hash: d3c0c87c72b99d62d0cfaec515a2986ecea473f3c3affaf6c1eabf104c44a3297c3c48444a97ba74439538decaa81b7d
SHA1 hash: cf06cba18c619c4658f8939c961209fadb8bef06
MD5 hash: 8c6ce1a24d7081d10468317cea1d1434
humanhash: seven-idaho-red-zebra
File name: Rmittance Advice 017700 9001 PDF.R01
Signature: MassLogger
File size: 932'907 bytes
First seen: 2020-12-05 15:25:17 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:4OyYkpY+wpFPiKN2BPoNybi7yQk6wFvWwf68WuPApuU:eYkpZWvN2Beyb6y96eu46a2V
TLSH: 5E15331D9B35F7FCEE61B838A5CC9B057C560AA01D36B861FE0FC9E7583212590AF4A1
Reporter: abuse_ch
Tags: MassLogger r01


abuse_ch
Malspam distributing MassLogger:

HELO: vm1621512.nvme.had.ytbanabiosa.com
Sending IP: 185.244.216.74
From: impexland@banabiosa.com
Subject: Payment For Outstanding Invoices
Attachment: Rmittance Advice 017700 9001 PDF.R01 (contains "Rmittance Advice 017700 9001.exe")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 344
Origin country: n/a
Vendor Threat Intelligence
Result
Threat name: ByteCode-MSIL.Trojan.MassLogger
Status: Malicious
First seen: 2020-12-05 09:54:55 UTC
AV detection: 23 of 28 (82.14%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 2b1ab97107985efa7d33f96801bd6260a3f230c97df7be24642c1cf300722902 (this sample)
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
